{"result": {"debian": [{"published": "2006-08-10T00:00:00", "type": "debian", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data.\n\nFor the stable distribution (sarge) this problem has been fixed in version 4.2.4-15sarge2.\n\nFor the unstable distribution (sid) this problem has been fixed in version 4.2.4-15sarge2.\n\nWe recommend that you upgrade your ncompress package.", "title": "ncompress -- buffer underflow", "lastseen": "2016-09-02T18:22:57", "cvelist": ["CVE-2006-1168"], "href": "http://www.debian.org/security/dsa-1149", "id": "DSA-1149"}], "oraclelinux": [{"published": "2012-06-27T00:00:00", "type": "oraclelinux", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "[1:1.15.1-15]\n- Fix btrfs support to findfs and related applets\n- Resolves: #751927\n[1:1.15.1-14]\n- Resolves: #790335 'busybox various flaws'\n Added a fix for SEGV on empty command in hush\n[1:1.15.1-13]\n- Resolves: #790335 'busybox various flaws' including:\n 'buffer underflow in decompression'\n 'udhcpc insufficient checking of DHCP options'\n[1:1.15.1-12]\n- Backport 'set -o pipefail' support\n- Resolves: #782018\n- Add btrfs support to findfs and related applets\n- Resolves: #751927", "title": "busybox security and bug fix update", "lastseen": "2016-09-04T11:17:02", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://linux.oracle.com/errata/ELSA-2012-0810.html", "id": "ELSA-2012-0810"}, {"published": "2012-03-01T00:00:00", "type": "oraclelinux", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "[1:1.2.0-13]\n- Resolves: #768083 'busybox various flaws' 
including:\n 'buffer underflow in decompression'\n 'udhcpc insufficient checking of DHCP options'\n[1:1.2.0-12]\n- Resolves: #756723\n 'Kdump fails after findfs subcommand of busybox fails'\n[1:1.2.0-11]\n- Resolves: #689659\n ''busybox cp' does not return a correct exit code when 'No space left on device''", "title": "busybox security and bug fix update", "lastseen": "2016-09-04T11:16:08", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://linux.oracle.com/errata/ELSA-2012-0308.html", "id": "ELSA-2012-0308"}], "centos": [{"published": "2006-09-12T19:02:58", "type": "centos", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "**CentOS Errata and Security Advisory** CESA-2006:0663\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013219.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013222.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013225.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013227.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013234.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013235.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013248.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013249.html\n\n**Affected packages:**\nncompress\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0663.html", "title": "ncompress security update", "lastseen": "2016-12-05T19:59:23", "cvelist": ["CVE-2006-1168"], "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/013219.html", "id": "CESA-2006:0663"}, {"published": "2006-09-13T01:52:24", "type": "centos", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "**CentOS Errata and Security Advisory** 
CESA-2006:0663-01\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013229.html\n\n**Affected packages:**\nncompress\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "title": "ncompress security update", "lastseen": "2016-12-05T20:43:32", "cvelist": ["CVE-2006-1168"], "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/013229.html", "id": "CESA-2006:0663-01"}, {"published": "2012-07-10T13:22:13", "type": "centos", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "**CentOS Errata and Security Advisory** CESA-2012:0810\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018712.html\n\n**Affected packages:**\nbusybox\nbusybox-petitboot\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0810.html", "title": "busybox security update", "lastseen": "2016-12-05T20:03:22", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://lists.centos.org/pipermail/centos-announce/2012-July/018712.html", "id": "CESA-2012:0810"}], "amazon": [{"published": "2012-07-05T16:23:00", "type": "amazon", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "**Issue Overview:**\n\nA buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. ([CVE-2006-1168 __](<https://access.redhat.com/security/cve/CVE-2006-1168>))\n\nThe BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. 
A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. ([CVE-2011-2716 __](<https://access.redhat.com/security/cve/CVE-2011-2716>))\n\n \n**Affected Packages:** \n\n\nbusybox\n\n \n**Issue Correction:** \nRun _yum update busybox_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n busybox-1.19.3-2.11.amzn1.i686 \n busybox-petitboot-1.19.3-2.11.amzn1.i686 \n \n src: \n busybox-1.19.3-2.11.amzn1.src \n \n x86_64: \n busybox-1.19.3-2.11.amzn1.x86_64 \n busybox-petitboot-1.19.3-2.11.amzn1.x86_64 \n \n \n", "title": "Low: busybox", "lastseen": "2016-09-28T21:04:01", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "https://alas.aws.amazon.com/ALAS-2012-103.html", "id": "ALAS-2012-103"}], "nessus": [{"published": "2013-07-12T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "From Red Hat Security Advisory 2006:0663 :\n\nUpdated ncompress packages that address a security issue and fix bugs are now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe ncompress package contains file compression and decompression utilities, which are compatible with the original UNIX compress utility (.Z file extensions).\n\nTavis Ormandy of the Google Security Team discovered a lack of bounds checking in ncompress. 
An attacker could create a carefully crafted file that could execute arbitrary code if uncompressed by a victim.\n(CVE-2006-1168)\n\nIn addition, two bugs that affected Red Hat Enterprise Linux 4 ncompress packages were fixed :\n\n* The display statistics and compression results in verbose mode were not shown when operating on zero length files.\n\n* An attempt to compress zero length files resulted in an unexpected return code.\n\nUsers of ncompress are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "title": "Oracle Linux 3 / 4 : ncompress (ELSA-2006-0663)", "lastseen": "2016-09-26T17:26:21", "cvelist": ["CVE-2006-1168"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67406", "id": "ORACLELINUX_ELSA-2006-0663.NASL"}, {"published": "2007-12-13T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Lack of bounds checking in the decompression routine could result in a heap buffer underflow. Attackers could potentially exploit this to execute arbitrary code by tricking users into decompressing a specially crafted archive. 
(CVE-2006-1168)", "title": "SuSE 10 Security Update : ncompress (ZYPP Patch Number 1911)", "lastseen": "2016-09-26T17:23:59", "cvelist": ["CVE-2006-1168"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=29527", "id": "SUSE_NCOMPRESS-1911.NASL"}, {"published": "2006-09-14T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Updated ncompress packages that address a security issue and fix bugs are now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe ncompress package contains file compression and decompression utilities, which are compatible with the original UNIX compress utility (.Z file extensions).\n\nTavis Ormandy of the Google Security Team discovered a lack of bounds checking in ncompress. An attacker could create a carefully crafted file that could execute arbitrary code if uncompressed by a victim.\n(CVE-2006-1168)\n\nIn addition, two bugs that affected Red Hat Enterprise Linux 4 ncompress packages were fixed :\n\n* The display statistics and compression results in verbose mode were not shown when operating on zero length files.\n\n* An attempt to compress zero length files resulted in an unexpected return code.\n\nUsers of ncompress are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "title": "RHEL 2.1 / 3 / 4 : ncompress (RHSA-2006:0663)", "lastseen": "2016-09-26T17:24:23", "cvelist": ["CVE-2006-1168"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=22345", "id": "REDHAT-RHSA-2006-0663.NASL"}, {"published": "2006-12-16T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Tavis Ormandy, of the Google Security Team, discovered that ncompress, when uncompressing data, performed no bounds checking, which could allow a specially 
crafted datastream to underflow a .bss buffer with attacker controlled data.\n\nUpdated packages have been patched to correct this issue.", "title": "Mandrake Linux Security Advisory : ncompress (MDKSA-2006:140)", "lastseen": "2016-09-26T17:25:02", "cvelist": ["CVE-2006-1168"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=23889", "id": "MANDRAKE_MDKSA-2006-140.NASL"}, {"published": "2006-09-14T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Updated ncompress packages that address a security issue and fix bugs are now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe ncompress package contains file compression and decompression utilities, which are compatible with the original UNIX compress utility (.Z file extensions).\n\nTavis Ormandy of the Google Security Team discovered a lack of bounds checking in ncompress. 
An attacker could create a carefully crafted file that could execute arbitrary code if uncompressed by a victim.\n(CVE-2006-1168)\n\nIn addition, two bugs that affected Red Hat Enterprise Linux 4 ncompress packages were fixed :\n\n* The display statistics and compression results in verbose mode were not shown when operating on zero length files.\n\n* An attempt to compress zero length files resulted in an unexpected return code.\n\nUsers of ncompress are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "title": "CentOS 3 / 4 : ncompress (CESA-2006:0663)", "lastseen": "2016-09-26T17:23:02", "cvelist": ["CVE-2006-1168"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=22338", "id": "CENTOS_RHSA-2006-0663.NASL"}, {"published": "2006-10-10T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "The remote host is affected by the vulnerability described in GLSA-200610-03 (ncompress: Buffer Underflow)\n\n Tavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress.\n Impact :\n\n An attacker could create a specially crafted LZW archive, that when decompressed by a user or automated system would result in the execution of arbitrary code with the permissions of the user invoking the utility.\n Workaround :\n\n There is no known workaround at this time.", "title": "GLSA-200610-03 : ncompress: Buffer Underflow", "lastseen": "2016-09-26T17:23:31", "cvelist": ["CVE-2006-1168"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=22522", "id": "GENTOO_GLSA-200610-03.NASL"}, {"published": "2006-10-14T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress 
programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data.", "title": "Debian DSA-1149-1 : ncompress - buffer underflow", "lastseen": "2016-09-26T17:24:50", "cvelist": ["CVE-2006-1168"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=22691", "id": "DEBIAN_DSA-1149.NASL"}, {"published": "2012-08-01T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.\n\nA buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. (CVE-2006-1168)\n\nThe BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname.\nA malicious DHCP server could send such an option with a specially crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Scientific Linux by default, and no DHCP client script is provided with the busybox packages. (CVE-2011-2716)\n\nThis update also fixes the following bugs :\n\n - Prior to this update, the cp command wrongly returned the exit code 0 to indicate success if a device ran out of space while attempting to copy files of more than 4 gigabytes. 
This update modifies BusyBox, so that in such situations, the exit code 1 is returned. Now, the cp command shows correctly whether a process failed.\n\n - Prior to this update, the findfs command failed to check all existing block devices on a system with thousands of block device nodes in '/dev/'. This update modifies BusyBox so that findfs checks all block devices even in this case.\n\nAll users of busybox are advised to upgrade to these updated packages, which correct these issues.", "title": "Scientific Linux Security Update : busybox on SL5.x i386/x86_64", "lastseen": "2016-09-26T17:25:51", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61257", "id": "SL_20120221_BUSYBOX_ON_SL5_X.NASL"}, {"published": "2012-08-01T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.\n\nA buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. (CVE-2006-1168)\n\nThe BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname.\nA malicious DHCP server could send such an option with a specially crafted value to a DHCP client. 
If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Scientific Linux by default, and no DHCP client script is provided with the busybox packages. (CVE-2011-2716)\n\nThis update also fixes the following bugs :\n\n - Prior to this update, the 'findfs' command did not recognize Btrfs partitions. As a consequence, an error message could occur when dumping a core file. This update adds support for recognizing such partitions so the problem no longer occurs.\n\n - If the 'grep' command was used with the '-F' and '-i' options at the same time, the '-i' option was ignored.\n As a consequence, the 'grep -iF' command incorrectly performed a case-sensitive search instead of an insensitive search. A patch has been applied to ensure that the combination of the '-F' and '-i' options works as expected.\n\n - Prior to this update, the msh shell did not support the 'set -o pipefail' command. This update adds support for this command.\n\n - Previously, the msh shell could terminate unexpectedly with a segmentation fault when attempting to execute an empty command as a result of variable substitution (for example msh -c '$nonexistent_variable'). With this update, msh has been modified to correctly interpret such commands and no longer crashes in this scenario.\n\n - Previously, the msh shell incorrectly executed empty loops. As a consequence, msh never exited such a loop even if the loop condition was false, which could cause scripts using the loop to become unresponsive. 
With this update, msh has been modified to execute and exit empty loops correctly, so that hangs no longer occur.\n\nAll users of busybox are advised to upgrade to these updated packages, which contain backported patches to fix these issues.", "title": "Scientific Linux Security Update : busybox on SL6.x i386/x86_64", "lastseen": "2016-09-26T17:24:46", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=61337", "id": "SL_20120620_BUSYBOX_ON_SL6_X.NASL"}, {"published": "2012-02-21T00:00:00", "type": "nessus", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Updated busybox packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nBusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.\n\nA buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox. (CVE-2006-1168)\n\nThe BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname.\nA malicious DHCP server could send such an option with a specially crafted value to a DHCP client. 
If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Red Hat Enterprise Linux by default, and no DHCP client script is provided with the busybox packages. (CVE-2011-2716)\n\nThis update also fixes the following bugs :\n\n* Prior to this update, the cp command wrongly returned the exit code 0 to indicate success if a device ran out of space while attempting to copy files of more than 4 gigabytes. This update modifies BusyBox, so that in such situations, the exit code 1 is returned. Now, the cp command shows correctly whether a process failed. (BZ#689659)\n\n* Prior to this update, the findfs command failed to check all existing block devices on a system with thousands of block device nodes in '/dev/'. This update modifies BusyBox so that findfs checks all block devices even in this case. (BZ#756723)\n\nAll users of busybox are advised to upgrade to these updated packages, which correct these issues.", "title": "RHEL 5 : busybox (RHSA-2012:0308)", "lastseen": "2016-09-26T17:23:55", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58062", "id": "REDHAT-RHSA-2012-0308.NASL"}], "redhat": [{"published": "2006-09-12T04:00:00", "type": "redhat", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "The ncompress package contains file compression and decompression\r\nutilities, which are compatible with the original UNIX compress utility (.Z\r\nfile extensions).\r\n\r\nTavis Ormandy of the Google Security Team discovered a lack of bounds\r\nchecking in ncompress. An attacker could create a carefully crafted file\r\nthat could execute arbitrary code if uncompressed by a victim. 
(CVE-2006-1168)\r\n\r\nIn addition, two bugs that affected Red Hat Enterprise Linux 4 ncompress\r\npackages were fixed:\r\n\r\n* The display statistics and compression results in verbose mode were not\r\nshown when operating on zero length files.\r\n\r\n* An attempt to compress zero length files resulted in an unexpected return\r\ncode.\r\n\r\nUsers of ncompress are advised to upgrade to these updated packages, which\r\ncontain backported patches to correct these issues.", "title": "(RHSA-2006:0663) ncompress security update", "lastseen": "2016-09-04T11:17:59", "cvelist": ["CVE-2006-1168"], "href": "https://access.redhat.com/errata/RHSA-2006:0663", "id": "RHSA-2006:0663"}, {"published": "2012-06-20T04:00:00", "type": "redhat", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "BusyBox provides a single binary that includes versions of a large number\nof system commands, including a shell. This can be very useful for\nrecovering from certain types of system failures, particularly those\ninvolving broken shared libraries.\n\nA buffer underflow flaw was found in the way the uncompress utility of\nBusyBox expanded certain archive files compressed using Lempel-Ziv\ncompression. If a user were tricked into expanding a specially-crafted\narchive file with uncompress, it could cause BusyBox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning BusyBox. (CVE-2006-1168)\n\nThe BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain\noptions provided in DHCP server replies, such as the client hostname. A\nmalicious DHCP server could send such an option with a specially-crafted\nvalue to a DHCP client. If this option's value was saved on the client\nsystem, and then later insecurely evaluated by a process that assumes the\noption is trusted, it could lead to arbitrary code execution with the\nprivileges of that process. 
Note: udhcpc is not used on Red Hat Enterprise\nLinux by default, and no DHCP client script is provided with the busybox\npackages. (CVE-2011-2716)\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the \"findfs\" command did not recognize Btrfs\npartitions. As a consequence, an error message could occur when dumping a\ncore file. This update adds support for recognizing such partitions so\nthe problem no longer occurs. (BZ#751927)\n\n* If the \"grep\" command was used with the \"-F\" and \"-i\" options at the\nsame time, the \"-i\" option was ignored. As a consequence, the \"grep -iF\"\ncommand incorrectly performed a case-sensitive search instead of an\ninsensitive search. A patch has been applied to ensure that the combination\nof the \"-F\" and \"-i\" options works as expected. (BZ#752134)\n\n* Prior to this update, the msh shell did not support the \"set -o pipefail\"\ncommand. This update adds support for this command. (BZ#782018)\n\n* Previously, the msh shell could terminate unexpectedly with a\nsegmentation fault when attempting to execute an empty command as a result\nof variable substitution (for example msh -c '$nonexistent_variable').\nWith this update, msh has been modified to correctly interpret such\ncommands and no longer crashes in this scenario. (BZ#809092)\n\n* Previously, the msh shell incorrectly executed empty loops. As a\nconsequence, msh never exited such a loop even if the loop condition was\nfalse, which could cause scripts using the loop to become unresponsive.\nWith this update, msh has been modified to execute and exit empty loops\ncorrectly, so that hangs no longer occur. 
(BZ#752132)\n\nAll users of busybox are advised to upgrade to these updated packages,\nwhich contain backported patches to fix these issues.\n", "title": "(RHSA-2012:0810) Low: busybox security and bug fix update", "lastseen": "2016-09-04T11:18:00", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "https://access.redhat.com/errata/RHSA-2012:0810", "id": "RHSA-2012:0810"}, {"published": "2012-02-21T05:00:00", "type": "redhat", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "BusyBox provides a single binary that includes versions of a large number\nof system commands, including a shell. This can be very useful for\nrecovering from certain types of system failures, particularly those\ninvolving broken shared libraries.\n\nA buffer underflow flaw was found in the way the uncompress utility of\nBusyBox expanded certain archive files compressed using Lempel-Ziv\ncompression. If a user were tricked into expanding a specially-crafted\narchive file with uncompress, it could cause BusyBox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nBusyBox. (CVE-2006-1168)\n\nThe BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain\noptions provided in DHCP server replies, such as the client hostname. A\nmalicious DHCP server could send such an option with a specially-crafted\nvalue to a DHCP client. If this option's value was saved on the client\nsystem, and then later insecurely evaluated by a process that assumes the\noption is trusted, it could lead to arbitrary code execution with the\nprivileges of that process. Note: udhcpc is not used on Red Hat Enterprise\nLinux by default, and no DHCP client script is provided with the busybox\npackages. 
(CVE-2011-2716)\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the cp command wrongly returned the exit code 0 to\nindicate success if a device ran out of space while attempting to copy\nfiles of more than 4 gigabytes. This update modifies BusyBox, so that in\nsuch situations, the exit code 1 is returned. Now, the cp command shows\ncorrectly whether a process failed. (BZ#689659)\n\n* Prior to this update, the findfs command failed to check all existing\nblock devices on a system with thousands of block device nodes in \"/dev/\".\nThis update modifies BusyBox so that findfs checks all block devices even\nin this case. (BZ#756723)\n\nAll users of busybox are advised to upgrade to these updated packages,\nwhich correct these issues.\n", "title": "(RHSA-2012:0308) Low: busybox security and bug fix update", "lastseen": "2016-09-04T11:17:36", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "https://access.redhat.com/errata/RHSA-2012:0308", "id": "RHSA-2012:0308"}], "openvas": [{"published": "2008-09-24T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "The remote host is missing updates announced in\nadvisory GLSA 200610-03.", "title": "Gentoo Security Advisory GLSA 200610-03 (ncompress)", "lastseen": "2016-11-02T12:45:38", "cvelist": ["CVE-2006-1168"], "href": "http://plugins.openvas.org/nasl.php?oid=57901", "id": "OPENVAS:57901"}, {"published": "2008-01-17T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "The remote host is missing an update to ncompress\nannounced via advisory DSA 1149-1.\n\nTavis Ormandy from the Google Security Team discovered a missing\nboundary check in ncompress, the original Lempel-Ziv compress and\nuncompress programs, which allows a specially crafted datastream to\nunderflow a buffer with attacker controlled data.", "title": "Debian 
Security Advisory DSA 1149-1 (ncompress)", "lastseen": "2016-09-26T20:41:42", "cvelist": ["CVE-2006-1168"], "href": "http://plugins.openvas.org/nasl.php?oid=57266", "id": "OPENVAS:57266"}, {"published": "2009-10-10T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ncompress\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5010157 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "title": "SLES9: Security update for ncompress", "lastseen": "2016-09-26T20:41:22", "cvelist": ["CVE-2006-1168"], "href": "http://plugins.openvas.org/nasl.php?oid=65061", "id": "OPENVAS:65061"}, {"published": "2012-07-30T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Check for the Version of busybox", "title": "CentOS Update for busybox CESA-2012:0810 centos6 ", "lastseen": "2016-09-26T20:39:30", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://plugins.openvas.org/nasl.php?oid=881234", "id": "OPENVAS:881234"}, {"published": "2012-02-21T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Check for the Version of busybox", "title": "RedHat Update for busybox RHSA-2012:0308-03", "lastseen": "2016-09-26T20:39:10", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://plugins.openvas.org/nasl.php?oid=870557", "id": "OPENVAS:870557"}, {"published": "2012-06-22T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Check for the Version of busybox", 
"title": "RedHat Update for busybox RHSA-2012:0810-04", "lastseen": "2016-09-26T20:39:15", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://plugins.openvas.org/nasl.php?oid=870773", "id": "OPENVAS:870773"}, {"published": "2015-10-06T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Oracle Linux Local Security Checks ELSA-2012-0308", "title": "Oracle Linux Local Check: ELSA-2012-0308", "lastseen": "2016-11-16T16:43:40", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://plugins.openvas.org/nasl.php?oid=123972", "id": "OPENVAS:123972"}, {"published": "2012-08-14T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Check for the Version of busybox", "title": "Mandriva Update for busybox MDVSA-2012:129 (busybox)", "lastseen": "2016-09-26T20:39:29", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://plugins.openvas.org/nasl.php?oid=831718", "id": "OPENVAS:831718"}, {"published": "2015-10-06T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Oracle Linux Local Security Checks ELSA-2012-0810", "title": "Oracle Linux Local Check: ELSA-2012-0810", "lastseen": "2016-11-16T16:43:47", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://plugins.openvas.org/nasl.php?oid=123880", "id": "OPENVAS:123880"}, {"published": "2012-08-14T00:00:00", "type": "openvas", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "Check for the Version of busybox", "title": "Mandriva Update for busybox MDVSA-2012:129-1 (busybox)", "lastseen": "2016-09-26T20:39:30", "cvelist": ["CVE-2006-1168", "CVE-2011-2716"], "href": "http://plugins.openvas.org/nasl.php?oid=831720", "id": "OPENVAS:831720"}], "cve": [{"published": 
"2006-08-14T16:04:00", "type": "cve", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.", "title": "CVE-2006-1168", "lastseen": "2016-09-03T06:37:05", "cvelist": ["CVE-2006-1168"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1168", "id": "CVE-2006-1168"}], "gentoo": [{"published": "2006-10-06T00:00:00", "type": "gentoo", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "### Background\n\nncompress is a suite of utilities to create and extract Lempel-Ziff-Welch (LZW) compressed archives. \n\n### Description\n\nTavis Ormandy of the Google Security Team discovered a static buffer underflow in ncompress. \n\n### Impact\n\nAn attacker could create a specially crafted LZW archive, that when decompressed by a user or automated system would result in the execution of arbitrary code with the permissions of the user invoking the utility. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll ncompress users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.1\"", "title": "ncompress: Buffer Underflow", "lastseen": "2016-09-06T19:46:05", "cvelist": ["CVE-2006-1168"], "href": "https://security.gentoo.org/glsa/200610-03", "id": "GLSA-200610-03"}, {"published": "2013-12-03T00:00:00", "type": "gentoo", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "description": "### Background\n\nBusyBox is set of tools for embedded systems and is a replacement for GNU Coreutils. \n\n### Description\n\nMultiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send a specially crafted DHCP request to possibly execute arbitrary code or cause Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll BusyBox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/busybox-1.21.0\"", "title": "BusyBox: Multiple vulnerabilities", "lastseen": "2016-09-06T19:46:45", "cvelist": ["CVE-2013-1813", "CVE-2006-1168", "CVE-2011-2716"], "href": "https://security.gentoo.org/glsa/201312-02", "id": "GLSA-201312-02"}]}}